2
* Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3
* (Royal Institute of Technology, Stockholm, Sweden).
6
* Redistribution and use in source and binary forms, with or without
7
* modification, are permitted provided that the following conditions
10
* 1. Redistributions of source code must retain the above copyright
11
* notice, this list of conditions and the following disclaimer.
13
* 2. Redistributions in binary form must reproduce the above copyright
14
* notice, this list of conditions and the following disclaimer in the
15
* documentation and/or other materials provided with the distribution.
17
* 3. Neither the name of the Institute nor the names of its contributors
18
* may be used to endorse or promote products derived from this software
19
* without specific prior written permission.
21
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34
#include "krb5_locl.h"
38
struct addr_operations {
40
krb5_address_type atype;
41
size_t max_sockaddr_size;
42
krb5_error_code (*sockaddr2addr)(const struct sockaddr *, krb5_address *);
43
krb5_error_code (*sockaddr2port)(const struct sockaddr *, int16_t *);
44
void (*addr2sockaddr)(const krb5_address *, struct sockaddr *,
45
krb5_socklen_t *sa_size, int port);
46
void (*h_addr2sockaddr)(const char *, struct sockaddr *, krb5_socklen_t *, int);
47
krb5_error_code (*h_addr2addr)(const char *, krb5_address *);
48
krb5_boolean (*uninteresting)(const struct sockaddr *);
49
void (*anyaddr)(struct sockaddr *, krb5_socklen_t *, int);
50
int (*print_addr)(const krb5_address *, char *, size_t);
51
int (*parse_addr)(krb5_context, const char*, krb5_address *);
52
int (*order_addr)(krb5_context, const krb5_address*, const krb5_address*);
53
int (*free_addr)(krb5_context, krb5_address*);
54
int (*copy_addr)(krb5_context, const krb5_address*, krb5_address*);
55
int (*mask_boundary)(krb5_context, const krb5_address*, unsigned long,
56
krb5_address*, krb5_address*);
60
* AF_INET - aka IPv4 implementation
63
static krb5_error_code
64
ipv4_sockaddr2addr (const struct sockaddr *sa, krb5_address *a)
66
const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
69
a->addr_type = KRB5_ADDRESS_INET;
70
memcpy (buf, &sin4->sin_addr, 4);
71
return krb5_data_copy(&a->address, buf, 4);
74
static krb5_error_code
75
ipv4_sockaddr2port (const struct sockaddr *sa, int16_t *port)
77
const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
79
*port = sin4->sin_port;
84
ipv4_addr2sockaddr (const krb5_address *a,
86
krb5_socklen_t *sa_size,
89
struct sockaddr_in tmp;
91
memset (&tmp, 0, sizeof(tmp));
92
tmp.sin_family = AF_INET;
93
memcpy (&tmp.sin_addr, a->address.data, 4);
95
memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
96
*sa_size = sizeof(tmp);
100
ipv4_h_addr2sockaddr(const char *addr,
102
krb5_socklen_t *sa_size,
105
struct sockaddr_in tmp;
107
memset (&tmp, 0, sizeof(tmp));
108
tmp.sin_family = AF_INET;
110
tmp.sin_addr = *((const struct in_addr *)addr);
111
memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
112
*sa_size = sizeof(tmp);
115
static krb5_error_code
116
ipv4_h_addr2addr (const char *addr,
119
unsigned char buf[4];
121
a->addr_type = KRB5_ADDRESS_INET;
122
memcpy(buf, addr, 4);
123
return krb5_data_copy(&a->address, buf, 4);
127
* Are there any addresses that should be considered `uninteresting'?
131
ipv4_uninteresting (const struct sockaddr *sa)
133
const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
135
if (sin4->sin_addr.s_addr == INADDR_ANY)
142
ipv4_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
144
struct sockaddr_in tmp;
146
memset (&tmp, 0, sizeof(tmp));
147
tmp.sin_family = AF_INET;
149
tmp.sin_addr.s_addr = INADDR_ANY;
150
memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
151
*sa_size = sizeof(tmp);
155
ipv4_print_addr (const krb5_address *addr, char *str, size_t len)
159
memcpy (&ia, addr->address.data, 4);
161
return snprintf (str, len, "IPv4:%s", inet_ntoa(ia));
165
ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr)
170
p = strchr(address, ':');
173
if(strncasecmp(address, "ip:", p - address) != 0 &&
174
strncasecmp(address, "ip4:", p - address) != 0 &&
175
strncasecmp(address, "ipv4:", p - address) != 0 &&
176
strncasecmp(address, "inet:", p - address) != 0)
180
#ifdef HAVE_INET_ATON
181
if(inet_aton(p, &a) == 0)
183
#elif defined(HAVE_INET_ADDR)
184
a.s_addr = inet_addr(p);
185
if(a.s_addr == INADDR_NONE)
190
addr->addr_type = KRB5_ADDRESS_INET;
191
if(krb5_data_alloc(&addr->address, 4) != 0)
193
_krb5_put_int(addr->address.data, ntohl(a.s_addr), addr->address.length);
198
ipv4_mask_boundary(krb5_context context, const krb5_address *inaddr,
199
unsigned long len, krb5_address *low, krb5_address *high)
202
uint32_t l, h, m = 0xffffffff;
205
krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP,
206
N_("IPv4 prefix too large (%ld)", "len"), len);
207
return KRB5_PROG_ATYPE_NOSUPP;
211
_krb5_get_int(inaddr->address.data, &ia, inaddr->address.length);
216
low->addr_type = KRB5_ADDRESS_INET;
217
if(krb5_data_alloc(&low->address, 4) != 0)
219
_krb5_put_int(low->address.data, l, low->address.length);
221
high->addr_type = KRB5_ADDRESS_INET;
222
if(krb5_data_alloc(&high->address, 4) != 0) {
223
krb5_free_address(context, low);
226
_krb5_put_int(high->address.data, h, high->address.length);
233
* AF_INET6 - aka IPv6 implementation
238
static krb5_error_code
239
ipv6_sockaddr2addr (const struct sockaddr *sa, krb5_address *a)
241
const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
243
if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
244
unsigned char buf[4];
246
a->addr_type = KRB5_ADDRESS_INET;
247
#ifndef IN6_ADDR_V6_TO_V4
248
#ifdef IN6_EXTRACT_V4ADDR
249
#define IN6_ADDR_V6_TO_V4(x) (&IN6_EXTRACT_V4ADDR(x))
251
#define IN6_ADDR_V6_TO_V4(x) ((const struct in_addr *)&(x)->s6_addr[12])
254
memcpy (buf, IN6_ADDR_V6_TO_V4(&sin6->sin6_addr), 4);
255
return krb5_data_copy(&a->address, buf, 4);
257
a->addr_type = KRB5_ADDRESS_INET6;
258
return krb5_data_copy(&a->address,
260
sizeof(sin6->sin6_addr));
264
static krb5_error_code
265
ipv6_sockaddr2port (const struct sockaddr *sa, int16_t *port)
267
const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
269
*port = sin6->sin6_port;
274
ipv6_addr2sockaddr (const krb5_address *a,
276
krb5_socklen_t *sa_size,
279
struct sockaddr_in6 tmp;
281
memset (&tmp, 0, sizeof(tmp));
282
tmp.sin6_family = AF_INET6;
283
memcpy (&tmp.sin6_addr, a->address.data, sizeof(tmp.sin6_addr));
284
tmp.sin6_port = port;
285
memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
286
*sa_size = sizeof(tmp);
290
ipv6_h_addr2sockaddr(const char *addr,
292
krb5_socklen_t *sa_size,
295
struct sockaddr_in6 tmp;
297
memset (&tmp, 0, sizeof(tmp));
298
tmp.sin6_family = AF_INET6;
299
tmp.sin6_port = port;
300
tmp.sin6_addr = *((const struct in6_addr *)addr);
301
memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
302
*sa_size = sizeof(tmp);
305
static krb5_error_code
306
ipv6_h_addr2addr (const char *addr,
309
a->addr_type = KRB5_ADDRESS_INET6;
310
return krb5_data_copy(&a->address, addr, sizeof(struct in6_addr));
318
ipv6_uninteresting (const struct sockaddr *sa)
320
const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
321
const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr;
324
IN6_IS_ADDR_LINKLOCAL(in6)
325
|| IN6_IS_ADDR_V4COMPAT(in6);
329
ipv6_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
331
struct sockaddr_in6 tmp;
333
memset (&tmp, 0, sizeof(tmp));
334
tmp.sin6_family = AF_INET6;
335
tmp.sin6_port = port;
336
tmp.sin6_addr = in6addr_any;
337
*sa_size = sizeof(tmp);
341
ipv6_print_addr (const krb5_address *addr, char *str, size_t len)
343
char buf[128], buf2[3];
344
#ifdef HAVE_INET_NTOP
345
if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL)
348
/* XXX this is pretty ugly, but better than abort() */
350
unsigned char *p = addr->address.data;
352
for(i = 0; i < addr->address.length; i++) {
353
snprintf(buf2, sizeof(buf2), "%02x", p[i]);
354
if(i > 0 && (i & 1) == 0)
355
strlcat(buf, ":", sizeof(buf));
356
strlcat(buf, buf2, sizeof(buf));
359
return snprintf(str, len, "IPv6:%s", buf);
363
ipv6_parse_addr (krb5_context context, const char *address, krb5_address *addr)
369
p = strchr(address, ':');
372
if(strncasecmp(address, "ip6:", p - address) == 0 ||
373
strncasecmp(address, "ipv6:", p - address) == 0 ||
374
strncasecmp(address, "inet6:", p - address) == 0)
378
ret = inet_pton(AF_INET6, address, &in6.s6_addr);
380
addr->addr_type = KRB5_ADDRESS_INET6;
381
ret = krb5_data_alloc(&addr->address, sizeof(in6.s6_addr));
384
memcpy(addr->address.data, in6.s6_addr, sizeof(in6.s6_addr));
391
ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr,
392
unsigned long len, krb5_address *low, krb5_address *high)
394
struct in6_addr addr, laddr, haddr;
399
krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP,
400
N_("IPv6 prefix too large (%ld)", "length"), len);
401
return KRB5_PROG_ATYPE_NOSUPP;
404
if (inaddr->address.length != sizeof(addr)) {
405
krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP,
406
N_("IPv6 addr bad length", ""));
407
return KRB5_PROG_ATYPE_NOSUPP;
410
memcpy(&addr, inaddr->address.data, inaddr->address.length);
412
for (i = 0; i < 16; i++) {
413
sub_len = min(8, len);
415
m = 0xff << (8 - sub_len);
417
laddr.s6_addr[i] = addr.s6_addr[i] & m;
418
haddr.s6_addr[i] = (addr.s6_addr[i] & m) | ~m;
426
low->addr_type = KRB5_ADDRESS_INET6;
427
if (krb5_data_alloc(&low->address, sizeof(laddr.s6_addr)) != 0)
429
memcpy(low->address.data, laddr.s6_addr, sizeof(laddr.s6_addr));
431
high->addr_type = KRB5_ADDRESS_INET6;
432
if (krb5_data_alloc(&high->address, sizeof(haddr.s6_addr)) != 0) {
433
krb5_free_address(context, low);
436
memcpy(high->address.data, haddr.s6_addr, sizeof(haddr.s6_addr));
443
#ifndef HEIMDAL_SMALLER
449
#define KRB5_ADDRESS_ARANGE (-100)
457
arange_parse_addr (krb5_context context,
458
const char *address, krb5_address *addr)
461
krb5_address low0, high0;
465
if(strncasecmp(address, "RANGE:", 6) != 0)
470
p = strrchr(address, '/');
472
krb5_addresses addrmask;
476
if (strlcpy(buf, address, sizeof(buf)) > sizeof(buf))
478
buf[p - address] = '\0';
479
ret = krb5_parse_address(context, buf, &addrmask);
482
if(addrmask.len != 1) {
483
krb5_free_addresses(context, &addrmask);
487
address += p - address + 1;
489
num = strtol(address, &q, 10);
490
if (q == address || *q != '\0' || num < 0) {
491
krb5_free_addresses(context, &addrmask);
495
ret = krb5_address_prefixlen_boundary(context, &addrmask.val[0], num,
497
krb5_free_addresses(context, &addrmask);
502
krb5_addresses low, high;
504
strsep_copy(&address, "-", buf, sizeof(buf));
505
ret = krb5_parse_address(context, buf, &low);
509
krb5_free_addresses(context, &low);
513
strsep_copy(&address, "-", buf, sizeof(buf));
514
ret = krb5_parse_address(context, buf, &high);
516
krb5_free_addresses(context, &low);
520
if(high.len != 1 && high.val[0].addr_type != low.val[0].addr_type) {
521
krb5_free_addresses(context, &low);
522
krb5_free_addresses(context, &high);
526
ret = krb5_copy_address(context, &high.val[0], &high0);
528
ret = krb5_copy_address(context, &low.val[0], &low0);
530
krb5_free_address(context, &high0);
532
krb5_free_addresses(context, &low);
533
krb5_free_addresses(context, &high);
538
krb5_data_alloc(&addr->address, sizeof(*a));
539
addr->addr_type = KRB5_ADDRESS_ARANGE;
540
a = addr->address.data;
542
if(krb5_address_order(context, &low0, &high0) < 0) {
553
arange_free (krb5_context context, krb5_address *addr)
556
a = addr->address.data;
557
krb5_free_address(context, &a->low);
558
krb5_free_address(context, &a->high);
559
krb5_data_free(&addr->address);
565
arange_copy (krb5_context context, const krb5_address *inaddr,
566
krb5_address *outaddr)
569
struct arange *i, *o;
571
outaddr->addr_type = KRB5_ADDRESS_ARANGE;
572
ret = krb5_data_alloc(&outaddr->address, sizeof(*o));
575
i = inaddr->address.data;
576
o = outaddr->address.data;
577
ret = krb5_copy_address(context, &i->low, &o->low);
579
krb5_data_free(&outaddr->address);
582
ret = krb5_copy_address(context, &i->high, &o->high);
584
krb5_free_address(context, &o->low);
585
krb5_data_free(&outaddr->address);
592
arange_print_addr (const krb5_address *addr, char *str, size_t len)
596
size_t l, size, ret_len;
598
a = addr->address.data;
600
l = strlcpy(str, "RANGE:", len);
606
ret = krb5_print_address (&a->low, str + size, len - size, &l);
615
l = strlcat(str + size, "-", len - size);
622
ret = krb5_print_address (&a->high, str + size, len - size, &l);
631
arange_order_addr(krb5_context context,
632
const krb5_address *addr1,
633
const krb5_address *addr2)
635
int tmp1, tmp2, sign;
637
const krb5_address *a2;
639
if(addr1->addr_type == KRB5_ADDRESS_ARANGE) {
640
a = addr1->address.data;
643
} else if(addr2->addr_type == KRB5_ADDRESS_ARANGE) {
644
a = addr2->address.data;
650
if(a2->addr_type == KRB5_ADDRESS_ARANGE) {
651
struct arange *b = a2->address.data;
652
tmp1 = krb5_address_order(context, &a->low, &b->low);
655
return sign * krb5_address_order(context, &a->high, &b->high);
656
} else if(a2->addr_type == a->low.addr_type) {
657
tmp1 = krb5_address_order(context, &a->low, a2);
660
tmp2 = krb5_address_order(context, &a->high, a2);
665
return sign * (addr1->addr_type - addr2->addr_type);
669
#endif /* HEIMDAL_SMALLER */
672
addrport_print_addr (const krb5_address *addr, char *str, size_t len)
675
krb5_address addr1, addr2;
677
size_t ret_len = 0, l, size = 0;
680
sp = krb5_storage_from_data((krb5_data*)rk_UNCONST(&addr->address));
681
/* for totally obscure reasons, these are not in network byteorder */
682
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
684
krb5_storage_seek(sp, 2, SEEK_CUR); /* skip first two bytes */
685
krb5_ret_address(sp, &addr1);
687
krb5_storage_seek(sp, 2, SEEK_CUR); /* skip two bytes */
688
krb5_ret_address(sp, &addr2);
689
krb5_storage_free(sp);
690
if(addr2.addr_type == KRB5_ADDRESS_IPPORT && addr2.address.length == 2) {
692
_krb5_get_int(addr2.address.data, &value, 2);
695
l = strlcpy(str, "ADDRPORT:", len);
702
ret = krb5_print_address(&addr1, str + size, len - size, &l);
711
ret = snprintf(str + size, len - size, ",PORT=%u", port);
718
static struct addr_operations at[] = {
719
{AF_INET, KRB5_ADDRESS_INET, sizeof(struct sockaddr_in),
723
ipv4_h_addr2sockaddr,
725
ipv4_uninteresting, ipv4_anyaddr, ipv4_print_addr, ipv4_parse_addr,
726
NULL, NULL, NULL, ipv4_mask_boundary },
728
{AF_INET6, KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6),
732
ipv6_h_addr2sockaddr,
734
ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr,
735
NULL, NULL, NULL, ipv6_mask_boundary } ,
737
#ifndef HEIMDAL_SMALLER
738
/* fake address type */
739
{KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange),
740
NULL, NULL, NULL, NULL, NULL, NULL, NULL,
741
arange_print_addr, arange_parse_addr,
742
arange_order_addr, arange_free, arange_copy },
744
{KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0,
745
NULL, NULL, NULL, NULL, NULL,
746
NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL }
749
static int num_addrs = sizeof(at) / sizeof(at[0]);
751
static size_t max_sockaddr_size = 0;
757
static struct addr_operations *
760
struct addr_operations *a;
762
for (a = at; a < at + num_addrs; ++a)
768
static struct addr_operations *
769
find_atype(int atype)
771
struct addr_operations *a;
773
for (a = at; a < at + num_addrs; ++a)
774
if (atype == a->atype)
780
* krb5_sockaddr2address stores a address a "struct sockaddr" sa in
781
* the krb5_address addr.
783
* @param context a Keberos context
784
* @param sa a struct sockaddr to extract the address from
785
* @param addr an Kerberos 5 address to store the address in.
787
* @return Return an error code or 0.
789
* @ingroup krb5_address
792
krb5_error_code KRB5_LIB_FUNCTION
793
krb5_sockaddr2address (krb5_context context,
794
const struct sockaddr *sa, krb5_address *addr)
796
struct addr_operations *a = find_af(sa->sa_family);
798
krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
799
N_("Address family %d not supported", ""),
801
return KRB5_PROG_ATYPE_NOSUPP;
803
return (*a->sockaddr2addr)(sa, addr);
807
* krb5_sockaddr2port extracts a port (if possible) from a "struct
810
* @param context a Keberos context
811
* @param sa a struct sockaddr to extract the port from
812
* @param port a pointer to an int16_t store the port in.
814
* @return Return an error code or 0. Will return
815
* KRB5_PROG_ATYPE_NOSUPP in case address type is not supported.
817
* @ingroup krb5_address
820
krb5_error_code KRB5_LIB_FUNCTION
821
krb5_sockaddr2port (krb5_context context,
822
const struct sockaddr *sa, int16_t *port)
824
struct addr_operations *a = find_af(sa->sa_family);
826
krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
827
N_("Address family %d not supported", ""),
829
return KRB5_PROG_ATYPE_NOSUPP;
831
return (*a->sockaddr2port)(sa, port);
835
* krb5_addr2sockaddr sets the "struct sockaddr sockaddr" from addr
836
* and port. The argument sa_size should initially contain the size of
837
* the sa and after the call, it will contain the actual length of the
838
* address. In case of the sa is too small to fit the whole address,
839
* the up to *sa_size will be stored, and then *sa_size will be set to
840
* the required length.
842
* @param context a Keberos context
843
* @param addr the address to copy the from
844
* @param sa the struct sockaddr that will be filled in
845
* @param sa_size pointer to length of sa, and after the call, it will
846
* contain the actual length of the address.
847
* @param port set port in sa.
849
* @return Return an error code or 0. Will return
850
* KRB5_PROG_ATYPE_NOSUPP in case address type is not supported.
852
* @ingroup krb5_address
855
krb5_error_code KRB5_LIB_FUNCTION
856
krb5_addr2sockaddr (krb5_context context,
857
const krb5_address *addr,
859
krb5_socklen_t *sa_size,
862
struct addr_operations *a = find_atype(addr->addr_type);
865
krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
866
N_("Address type %d not supported",
867
"krb5_address type"),
869
return KRB5_PROG_ATYPE_NOSUPP;
871
if (a->addr2sockaddr == NULL) {
872
krb5_set_error_message (context,
873
KRB5_PROG_ATYPE_NOSUPP,
874
N_("Can't convert address type %d to sockaddr", ""),
876
return KRB5_PROG_ATYPE_NOSUPP;
878
(*a->addr2sockaddr)(addr, sa, sa_size, port);
883
* krb5_max_sockaddr_size returns the max size of the .Li struct
884
* sockaddr that the Kerberos library will return.
886
* @return Return an size_t of the maximum struct sockaddr.
888
* @ingroup krb5_address
891
size_t KRB5_LIB_FUNCTION
892
krb5_max_sockaddr_size (void)
894
if (max_sockaddr_size == 0) {
895
struct addr_operations *a;
897
for(a = at; a < at + num_addrs; ++a)
898
max_sockaddr_size = max(max_sockaddr_size, a->max_sockaddr_size);
900
return max_sockaddr_size;
904
* krb5_sockaddr_uninteresting returns TRUE for all .Fa sa that the
905
* kerberos library thinks are uninteresting. One example are link
908
* @param sa pointer to struct sockaddr that might be interesting.
910
* @return Return a non zero for uninteresting addresses.
912
* @ingroup krb5_address
915
krb5_boolean KRB5_LIB_FUNCTION
916
krb5_sockaddr_uninteresting(const struct sockaddr *sa)
918
struct addr_operations *a = find_af(sa->sa_family);
919
if (a == NULL || a->uninteresting == NULL)
921
return (*a->uninteresting)(sa);
925
* krb5_h_addr2sockaddr initializes a "struct sockaddr sa" from af and
926
* the "struct hostent" (see gethostbyname(3) ) h_addr_list
927
* component. The argument sa_size should initially contain the size
928
* of the sa, and after the call, it will contain the actual length of
931
* @param context a Keberos context
932
* @param af addresses
933
* @param addr address
934
* @param sa returned struct sockaddr
935
* @param sa_size size of sa
936
* @param port port to set in sa.
938
* @return Return an error code or 0.
940
* @ingroup krb5_address
943
krb5_error_code KRB5_LIB_FUNCTION
944
krb5_h_addr2sockaddr (krb5_context context,
946
const char *addr, struct sockaddr *sa,
947
krb5_socklen_t *sa_size,
950
struct addr_operations *a = find_af(af);
952
krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
953
"Address family %d not supported", af);
954
return KRB5_PROG_ATYPE_NOSUPP;
956
(*a->h_addr2sockaddr)(addr, sa, sa_size, port);
961
* krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception
962
* that it operates on a krb5_address instead of a struct sockaddr.
964
* @param context a Keberos context
965
* @param af address family
966
* @param haddr host address from struct hostent.
967
* @param addr returned krb5_address.
969
* @return Return an error code or 0.
971
* @ingroup krb5_address
974
krb5_error_code KRB5_LIB_FUNCTION
975
krb5_h_addr2addr (krb5_context context,
977
const char *haddr, krb5_address *addr)
979
struct addr_operations *a = find_af(af);
981
krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
982
N_("Address family %d not supported", ""), af);
983
return KRB5_PROG_ATYPE_NOSUPP;
985
return (*a->h_addr2addr)(haddr, addr);
989
* krb5_anyaddr fills in a "struct sockaddr sa" that can be used to
990
* bind(2) to. The argument sa_size should initially contain the size
991
* of the sa, and after the call, it will contain the actual length
994
* @param context a Keberos context
995
* @param af address family
997
* @param sa_size lenght of sa.
998
* @param port for to fill into sa.
1000
* @return Return an error code or 0.
1002
* @ingroup krb5_address
1005
krb5_error_code KRB5_LIB_FUNCTION
1006
krb5_anyaddr (krb5_context context,
1008
struct sockaddr *sa,
1009
krb5_socklen_t *sa_size,
1012
struct addr_operations *a = find_af (af);
1015
krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
1016
N_("Address family %d not supported", ""), af);
1017
return KRB5_PROG_ATYPE_NOSUPP;
1020
(*a->anyaddr)(sa, sa_size, port);
1025
* krb5_print_address prints the address in addr to the string string
1026
* that have the length len. If ret_len is not NULL, it will be filled
1027
* with the length of the string if size were unlimited (not including
1030
* @param addr address to be printed
1031
* @param str pointer string to print the address into
1032
* @param len length that will fit into area pointed to by "str".
1033
* @param ret_len return length the str.
1035
* @return Return an error code or 0.
1037
* @ingroup krb5_address
1040
krb5_error_code KRB5_LIB_FUNCTION
1041
krb5_print_address (const krb5_address *addr,
1042
char *str, size_t len, size_t *ret_len)
1044
struct addr_operations *a = find_atype(addr->addr_type);
1047
if (a == NULL || a->print_addr == NULL) {
1053
l = snprintf(s, len, "TYPE_%d:", addr->addr_type);
1054
if (l < 0 || l >= len)
1058
for(i = 0; i < addr->address.length; i++) {
1059
l = snprintf(s, len, "%02x", ((char*)addr->address.data)[i]);
1060
if (l < 0 || l >= len)
1069
ret = (*a->print_addr)(addr, str, len);
1078
* krb5_parse_address returns the resolved hostname in string to the
1079
* krb5_addresses addresses .
1081
* @param context a Keberos context
1085
* @return Return an error code or 0.
1087
* @ingroup krb5_address
1090
krb5_error_code KRB5_LIB_FUNCTION
1091
krb5_parse_address(krb5_context context,
1093
krb5_addresses *addresses)
1096
struct addrinfo *ai, *a;
1101
addresses->val = NULL;
1103
for(i = 0; i < num_addrs; i++) {
1104
if(at[i].parse_addr) {
1106
if((*at[i].parse_addr)(context, string, &addr) == 0) {
1107
ALLOC_SEQ(addresses, 1);
1108
if (addresses->val == NULL) {
1109
krb5_set_error_message(context, ENOMEM,
1110
N_("malloc: out of memory", ""));
1113
addresses->val[0] = addr;
1119
error = getaddrinfo (string, NULL, NULL, &ai);
1121
krb5_error_code ret2;
1123
ret2 = krb5_eai_to_heim_errno(error, save_errno);
1124
krb5_set_error_message (context, ret2, "%s: %s",
1125
string, gai_strerror(error));
1130
for (a = ai; a != NULL; a = a->ai_next)
1133
ALLOC_SEQ(addresses, n);
1134
if (addresses->val == NULL) {
1135
krb5_set_error_message(context, ENOMEM,
1136
N_("malloc: out of memory", ""));
1142
for (a = ai, i = 0; a != NULL; a = a->ai_next) {
1143
if (krb5_sockaddr2address (context, ai->ai_addr, &addresses->val[i]))
1145
if(krb5_address_search(context, &addresses->val[i], addresses))
1155
* krb5_address_order compares the addresses addr1 and addr2 so that
1156
* it can be used for sorting addresses. If the addresses are the same
1157
* address krb5_address_order will return 0. Behavies like memcmp(2).
1159
* @param context a Keberos context
1160
* @param addr1 krb5_address to compare
1161
* @param addr2 krb5_address to compare
1163
* @return < 0 if address addr1 in "less" then addr2. 0 if addr1 and
1164
* addr2 is the same address, > 0 if addr2 is "less" then addr1.
1166
* @ingroup krb5_address
1169
int KRB5_LIB_FUNCTION
1170
krb5_address_order(krb5_context context,
1171
const krb5_address *addr1,
1172
const krb5_address *addr2)
1174
/* this sucks; what if both addresses have order functions, which
1175
should we call? this works for now, though */
1176
struct addr_operations *a;
1177
a = find_atype(addr1->addr_type);
1179
krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
1180
N_("Address family %d not supported", ""),
1182
return KRB5_PROG_ATYPE_NOSUPP;
1184
if(a->order_addr != NULL)
1185
return (*a->order_addr)(context, addr1, addr2);
1186
a = find_atype(addr2->addr_type);
1188
krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP,
1189
N_("Address family %d not supported", ""),
1191
return KRB5_PROG_ATYPE_NOSUPP;
1193
if(a->order_addr != NULL)
1194
return (*a->order_addr)(context, addr1, addr2);
1196
if(addr1->addr_type != addr2->addr_type)
1197
return addr1->addr_type - addr2->addr_type;
1198
if(addr1->address.length != addr2->address.length)
1199
return addr1->address.length - addr2->address.length;
1200
return memcmp (addr1->address.data,
1201
addr2->address.data,
1202
addr1->address.length);
1206
* krb5_address_compare compares the addresses addr1 and addr2.
1207
* Returns TRUE if the two addresses are the same.
1209
* @param context a Keberos context
1210
* @param addr1 address to compare
1211
* @param addr2 address to compare
1213
* @return Return an TRUE is the address are the same FALSE if not
1215
* @ingroup krb5_address
1218
krb5_boolean KRB5_LIB_FUNCTION
1219
krb5_address_compare(krb5_context context,
1220
const krb5_address *addr1,
1221
const krb5_address *addr2)
1223
return krb5_address_order (context, addr1, addr2) == 0;
1227
* krb5_address_search checks if the address addr is a member of the
1228
* address set list addrlist .
1230
* @param context a Keberos context.
1231
* @param addr address to search for.
1232
* @param addrlist list of addresses to look in for addr.
1234
* @return Return an error code or 0.
1236
* @ingroup krb5_address
1239
krb5_boolean KRB5_LIB_FUNCTION
1240
krb5_address_search(krb5_context context,
1241
const krb5_address *addr,
1242
const krb5_addresses *addrlist)
1246
for (i = 0; i < addrlist->len; ++i)
1247
if (krb5_address_compare (context, addr, &addrlist->val[i]))
1253
* krb5_free_address frees the data stored in the address that is
1254
* alloced with any of the krb5_address functions.
1256
* @param context a Keberos context
1257
* @param address addresss to be freed.
1259
* @return Return an error code or 0.
1261
* @ingroup krb5_address
1264
krb5_error_code KRB5_LIB_FUNCTION
1265
krb5_free_address(krb5_context context,
1266
krb5_address *address)
1268
struct addr_operations *a = find_atype (address->addr_type);
1269
if(a != NULL && a->free_addr != NULL)
1270
return (*a->free_addr)(context, address);
1271
krb5_data_free (&address->address);
1272
memset(address, 0, sizeof(*address));
1277
* krb5_free_addresses frees the data stored in the address that is
1278
* alloced with any of the krb5_address functions.
1280
* @param context a Keberos context
1281
* @param addresses addressses to be freed.
1283
* @return Return an error code or 0.
1285
* @ingroup krb5_address
1288
krb5_error_code KRB5_LIB_FUNCTION
1289
krb5_free_addresses(krb5_context context,
1290
krb5_addresses *addresses)
1293
for(i = 0; i < addresses->len; i++)
1294
krb5_free_address(context, &addresses->val[i]);
1295
free(addresses->val);
1297
addresses->val = NULL;
1302
* krb5_copy_address copies the content of address
1303
* inaddr to outaddr.
1305
* @param context a Keberos context
1306
* @param inaddr pointer to source address
1307
* @param outaddr pointer to destination address
1309
* @return Return an error code or 0.
1311
* @ingroup krb5_address
1314
krb5_error_code KRB5_LIB_FUNCTION
1315
krb5_copy_address(krb5_context context,
1316
const krb5_address *inaddr,
1317
krb5_address *outaddr)
1319
struct addr_operations *a = find_af (inaddr->addr_type);
1320
if(a != NULL && a->copy_addr != NULL)
1321
return (*a->copy_addr)(context, inaddr, outaddr);
1322
return copy_HostAddress(inaddr, outaddr);
1326
* krb5_copy_addresses copies the content of addresses
1327
* inaddr to outaddr.
1329
* @param context a Keberos context
1330
* @param inaddr pointer to source addresses
1331
* @param outaddr pointer to destination addresses
1333
* @return Return an error code or 0.
1335
* @ingroup krb5_address
1338
krb5_error_code KRB5_LIB_FUNCTION
1339
krb5_copy_addresses(krb5_context context,
1340
const krb5_addresses *inaddr,
1341
krb5_addresses *outaddr)
1344
ALLOC_SEQ(outaddr, inaddr->len);
1345
if(inaddr->len > 0 && outaddr->val == NULL)
1347
for(i = 0; i < inaddr->len; i++)
1348
krb5_copy_address(context, &inaddr->val[i], &outaddr->val[i]);
1353
* krb5_append_addresses adds the set of addresses in source to
1354
* dest. While copying the addresses, duplicates are also sorted out.
1356
* @param context a Keberos context
1357
* @param dest destination of copy operation
1358
* @param source adresses that are going to be added to dest
1360
* @return Return an error code or 0.
1362
* @ingroup krb5_address
1365
krb5_error_code KRB5_LIB_FUNCTION
1366
krb5_append_addresses(krb5_context context,
1367
krb5_addresses *dest,
1368
const krb5_addresses *source)
1371
krb5_error_code ret;
1373
if(source->len > 0) {
1374
tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp));
1376
krb5_set_error_message (context, ENOMEM,
1377
N_("malloc: out of memory", ""));
1381
for(i = 0; i < source->len; i++) {
1382
/* skip duplicates */
1383
if(krb5_address_search(context, &source->val[i], dest))
1385
ret = krb5_copy_address(context,
1387
&dest->val[dest->len]);
1397
* Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port)
1399
* @param context a Keberos context
1400
* @param res built address from addr/port
1401
* @param addr address to use
1402
* @param port port to use
1404
* @return Return an error code or 0.
1406
* @ingroup krb5_address
1409
krb5_error_code KRB5_LIB_FUNCTION
1410
krb5_make_addrport (krb5_context context,
1411
krb5_address **res, const krb5_address *addr, int16_t port)
1413
krb5_error_code ret;
1414
size_t len = addr->address.length + 2 + 4 * 4;
1417
*res = malloc (sizeof(**res));
1419
krb5_set_error_message (context, ENOMEM,
1420
N_("malloc: out of memory", ""));
1423
(*res)->addr_type = KRB5_ADDRESS_ADDRPORT;
1424
ret = krb5_data_alloc (&(*res)->address, len);
1426
krb5_set_error_message (context, ret,
1427
N_("malloc: out of memory", ""));
1432
p = (*res)->address.data;
1435
*p++ = (addr->addr_type ) & 0xFF;
1436
*p++ = (addr->addr_type >> 8) & 0xFF;
1438
*p++ = (addr->address.length ) & 0xFF;
1439
*p++ = (addr->address.length >> 8) & 0xFF;
1440
*p++ = (addr->address.length >> 16) & 0xFF;
1441
*p++ = (addr->address.length >> 24) & 0xFF;
1443
memcpy (p, addr->address.data, addr->address.length);
1444
p += addr->address.length;
1448
*p++ = (KRB5_ADDRESS_IPPORT ) & 0xFF;
1449
*p++ = (KRB5_ADDRESS_IPPORT >> 8) & 0xFF;
1452
*p++ = (2 >> 8) & 0xFF;
1453
*p++ = (2 >> 16) & 0xFF;
1454
*p++ = (2 >> 24) & 0xFF;
1456
memcpy (p, &port, 2);
1463
* Calculate the boundary addresses of `inaddr'/`prefixlen' and store
1464
* them in `low' and `high'.
1466
* @param context a Keberos context
1467
* @param inaddr address in prefixlen that the bondery searched
1468
* @param prefixlen width of boundery
1469
* @param low lowest address
1470
* @param high highest address
1472
* @return Return an error code or 0.
1474
* @ingroup krb5_address
1477
krb5_error_code KRB5_LIB_FUNCTION
1478
krb5_address_prefixlen_boundary(krb5_context context,
1479
const krb5_address *inaddr,
1480
unsigned long prefixlen,
1484
struct addr_operations *a = find_atype (inaddr->addr_type);
1485
if(a != NULL && a->mask_boundary != NULL)
1486
return (*a->mask_boundary)(context, inaddr, prefixlen, low, high);
1487
krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP,
1488
N_("Address family %d doesn't support "
1489
"address mask operation", ""),
1491
return KRB5_PROG_ATYPE_NOSUPP;